On June 12, a French Court of Appeals upheld a decision ordering Twitter to divulge the identities of the authors of anti-Semitic tweets, which are illegal under French law. The original injunction, which was issued by a French lower court judge in January, also ordered Twitter to install a mechanism that would enable users to inform Twitter of illegal content more easily. While Twitter instituted a new mechanism for reporting illegal content, it appealed the order to disclose its users’ identities, citing potential privacy implications.
In a detailed analysis of the court’s order for the IAPP Privacy Perspectives blog, Chris Wolf of Hogan Lovells’ Washington, DC office and Winston Maxwell of the Paris office describe how the order, issued directly by the French court to California-based Twitter, which does not have a French establishment, implicates jurisdictional issues and calls into question the use of anonymity as a privacy shield to post hate speech online.
Hogan Lovells Privacy and Information Management Director Chris Wolf will moderate a free IAPP teleconference this Thursday, June 20, at 4 PM EDT on “The Implications of the NSA Leaks for Privacy Professionals.” To register, click here.
The Federal Trade Commission (“FTC”) recently issued a revised guidance (“Guide”) on the Red Flags Rule (“Rule”) (see “Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business”). The Red Flags Rule requires certain businesses to develop, implement and administer an identity theft protection program. The purpose of this Guide is to help businesses determine whether they are subject to the Rule as a “financial institution” or “creditor” that maintains “covered accounts.” For businesses that are covered by the Rule, the Guide includes tips on establishing an identity theft prevention program that meets the Rule’s requirements.
According to Fleur Pellerin, the French Minister for Digital Economy, the Minister of Justice has rejected the latest version of the draft EU Data Protection Regulation. In Parliamentary questioning on 11 June, the Minister confirmed the French Government’s commitment to ensuring adequate protection of personal data, but stated that the French Government’s opposition is based on the current concept of “one stop shop” for data controllers established in more than one Member state of the European Union. This position follows the CNIL’s expression of concern because of the potential difficulties data subjects could face in submitting complaints to a foreign data protection authority.
Chambers USA and Legal 500 US recently released their 2013 rankings, and Hogan Lovells’ Privacy and Information Management practice was placed in Band 1 by Chambers USA and in Tier 1 by Legal 500 US. Also, both of our practice leaders, Marcy Wilder and Christopher Wolf, were selected for Chambers’ top rankings among privacy law practitioners and were dubbed “Leading Lawyers” by Legal 500.
Chambers noted our practice for “outstanding client service and scope of knowledge,” and spotlighted our leading healthcare-focused work. Legal 500 sources said that they “value [our practice] for providing ‘pragmatic, business-relevant advice with minimal legalese.’” Continue Reading
Concerned that the prescriptive nature of the proposed EU Data Protection Regulation will impose a significant additional administrative burden on regulators, the UK Information Commissioner’s Office (ICO) has published on its website a letter to the Secretary of State for Justice which re-states the Information Commissioner’s concerns about the proposed Regulation.
The key source of the Commissioner’s concerns is that the prescriptive nature of the Regulation will impose a significant additional administrative burden on regulators. Coupled with the abolition of notification fees, the ICO’s current source of funding, the Commissioner suggests the ICO would no longer be able to intervene on the basis of risk and proportionality, and that this would make it less effective.
Aspects of the Regulation which the Commissioner identifies as being of particular concern are: Continue Reading
In February 2013, the European Union published the EU Cyber Security Strategy and accompanying proposed Directive (which we previously covered here). Now, in anticipation of the implementation of the Directive, the UK’s Department for Business, Innovation and Skills (BIS) has published a call for evidence to look at the impact of the Directive upon businesses in the UK. Continue Reading
A meeting in London to discuss the contours of a use-based model as an approach to data protection is occurring today. Approximately thirty regulators, industry officials, advocates, and academics are participating, including Hogan Lovells partner Chris Wolf. The meeting is being hosted by the Privacy Projects and is being moderated by Viktor Mayer-Schönberger, Professor of Internet Governance and Regulation at the University of Oxford, and Fred Cate from the Center for Applied Cybersecurity Research at Indiana University.
The discussion is centering on how, in addition to the current focus on notice, choice, and purpose specification at time of data collection, use analysis can be used a tool of data protection. There is a focus on the “harms” or “impacts” of information to help guide determinations about uses and use conditions in context. The participants seem to agree a use analysis can serve as means effectively to implement the Fair Information Practice Principles (FIPPs), helping to determine when and how notice, consent, access, etc. can be implemented. Focusing on use in a sense shifts the analysis away from relying predominantly on the protections at the time of collection of data, which makes sense in a world where there are multiple channels of collection of data about people, as well as potential beneficial (and non-risky) uses of data for “Big Data” analytical purposes.
Documents relevant to the discussion include the English translation of the CNIL’s 2012 report, Methodology for Privacy Risk Management, and the World Economic Forum’s 2013 report, Unlocking the Value of Personal Data: From Collection to Usage.
Hogan Lovells has published a White Paper demonstrating that the limitations applied to U.S. law enforcement access to data stored in the Cloud during national security and foreign intelligence investigation in many cases surpass restrictions applied during similar investigations in other countries. A Sober Look at National Security Access to Data in the Cloud was written by Christopher Wolf, co-director of Hogan Lovells’ Privacy and Information Management Practice based out of Washington, D.C., and Winston Maxwell, a partner in Hogan Lovells’ Paris office specializing in media, communications, and data protection. The White Paper was released and discussed by Messrs. Maxwell and Wolf at a program of the OpenForum Academy in Brussels.